Security

by Paul Ducklin Remember the jokes (OK, they were sold as “jokes” when you were at school to add a touch of excitement to Eng. Lang. lessons) about creating valid and allegedly meaningful sentences with a single word repeated many times? There’s an very dubious one with the word BUFFALO seven times in a row,

The owner of a Delaware computer repair shop, who alerted the FBI to the contents of a laptop reportedly owned by President Joe Biden’s son, Hunter, is suing a politician and several news media outlets for allegedly defaming him. John Paul Mac Isaac said Hunter’s MacBook Pro was dropped off at his shop in April 2019 and

by Paul Ducklin Back in the late 1960s and the start of the 1970s (or so we’ve heard), primary school children in the UK got a special treat. Unlike their parents and grandparents before them, they were exempted from learning how to do calculations involving money. Their teachers were no longer expected to show them

Privacy and data security concerns have been raised over a plan to link South African phone users’ biometric data to their SIM cards. The proposal by the Independent Communications Authority of South Africa (ICASA) was among a list of draft regulations published by the watchdog for public commentary in March. If approved, it would give

by Paul Ducklin Google’s May 2022 updates for Android are out. As usual, the core of Android received two different patch versions. The first is dubbed 2022-05-01, and contains fixes for 13 CVE-numbered vulnerabilities. Fortunately, none of these are currently being exploited, meaning that there are no zero-day holes known this month; none of them

A former executive of eBay has pleaded guilty to taking part in a disturbing cyber stalking campaign waged against a married couple from Massachusetts. The couple’s terrifying experience began after they wrote about eBay in an online newsletter aimed at eBay sellers, which they edited and published.  Under the campaign, parcels with horrifying contents were anonymously sent

by Paul Ducklin Firefox has followed Chromium to the century mark, reaching a score of 100* with its latest scheduled almost-monthly release. For readers without the sporting good fortune of living in a cricket-playing country, an individual score of 100 in a single innings, known as a century or a ton, is considered a noteworthy

Spyware has been detected on the cell phones of Spain’s prime minister, Pedro Sánchez, and the country’s defense minister, Margarita Robles. In a press conference given Monday morning, the Spanish government said that the phones had been infected with Pegasus spyware and extracted data from both devices.  The minister for the presidency, Félix Bolaños, said that the

A Texas school district employee has tendered their resignation after being caught secretly mining cryptocurrency on school premises.  Pings picked up by Galveston Independent School District’s firewall a couple of weeks ago aroused the suspicion of the district’s IT department. An investigation into the activity determined that multiple cryptocurrency mining machines were operating on the

The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and New York Metro InfraGard Members Alliance (NYM-IMA) are coming together to tackle cyber threats facing the bioeconomy.  The partnership, which aims to protect economic activity in the United States involving the use of biotechnology and biomass in the production of goods, services or energy, was announced on Thursday. 

A cyber-attack on a hotel reservation system has exposed the personal data of thousands of guests who stayed at upscale Finnish hotels. News of the security incident, which has impacted at least five hotels, was first reported by Finnish news agency MTV on Tuesday.  Between February 10 and 14, cyber-attackers exploited a vulnerability to hack

by Paul Ducklin Early in April 2022, news broke that various users of Microsoft’s GitHub platform had suffered unauthorised access to their private source code. GitHib has now updated its incident report to say that it is “in the process of sending the final expected notifications to GitHub.com customers who had either the Heroku or

A woman from Los Angeles, who coughed on an Uber driver in a video that went viral last spring, has been accused of stealing the identity of her former neighbor.  Arna Kimiai, known on social media as ‘Cough Girl,’ was charged over the March 7 2021 incident involving San Francisco Uber driver, Subhakar Khadka. A video shared

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL

An Israeli private investigator could spend the next 27 years in prison after pleading guilty to taking part in an international fraud and hacking conspiracy. Aviram Azari was arrested in Manhattan, New York, in 2019 and charged with conspiracy to commit computer hacking, aggravated identity theft, and wire fraud.  The 50-year-old private detective, who served in a

by Paul Ducklin Even if you’re not a native speaker of English, you’ve probably heard the curious saying, “It’s a bit of a Curate’s Egg”, referring to something about which you’re determined to keep a positive public attitude, even if your immediate private reaction was to be disappointed. The saying has certainly stood the test

The British Army’s online recruitment portal has been offline for more than a month following a data breach.  Officials shut the computerized enrollment system down in the middle of March as a precaution after the personal data of more than 100 army recruits was found being offered for sale on the dark web. An investigation

by Paul Ducklin We’re sure you’ve heard of the KISS principle: Keep It Simple and Straightforward. In cybersecurity, KISS cuts two ways. KISS improves security when your IT team avoids jargon and makes complex-but-important tasks easier to understand, but it reduces security when crooks steer clear of mistakes that would otherwise give their game away.

Email accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals. Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. In a data security notice on its website, the healthcare provider disclosed that the actor was able to access a limited number of email

An American respiratory care provider is facing multiple lawsuits over a data breach that allegedly exposed the personal information of more than 300,000 current and former patients. SuperCare Health, headquartered in Downey, California, began notifying patients of a data security incident in late March. According to a notice on the healthcare provider’s website, SuperCare Health discovered unauthorized activity on

Pennsylvania-based convenience store and gas station chain Wawa is seeking the return of penalties it paid to Mastercard following a 2019 data breach of its customer payment security systems. In December 2019, Wawa CEO Chris Gheysens announced that malware that steals credit card information had potentially been operating at Wawa’s 842 locations across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, DC

by Paul Ducklin Oracle’s latest quarterly security updates just arrived. Unlike other software behemoths such as Microsoft, Adobe and Google, who produce official security updates once a month, thus following a schedule that is both regular and frequent, Oracle has historically and resolutely stuck to just four scheduled updates a year. Even Apple, which notoriously

by Paul Ducklin QNAP, the makers of Networked Attached Storage (NAS) devices that are especially popular with home and small business users, has issued a warning about not-yet-patched bugs in the company’s products. Home and small office NAS devices, which typically range in size from that of a small dictionary to that of a large

A Canadian youth employment services provider has launched a free cybersecurity training program. Funded by the Government of Ontario’s Skills Development Fund, the new program offered by Youth Employment Services (YES) aims to help Canadian youngsters who disclose mental health issues and Ukrainian refugees find work in the cybersecurity industry.  YES president and CEO Timothy Lang said:

A United Nations expert on North Korea has said the country is funding its banned nuclear and missile programs with cyber activity.  Eric Penton-Voak, a coordinator of the UN group tasked with monitoring the enforcement of sanctions on North Korea, made the comment on Wednesday and called for increased focus on cybercrime stemming from the country. North

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’24”] Fun Fact. Do you know your Adam Osborne from your John Osbourne? [01’12”] Another 0-day in Chrome. [05’03”] How not to choose a cybersecurity holiday destination. [07’37”] This Week in Tech History.

by Paul Ducklin Back when the Bitcoin protocol was invented, the idea was to build a simple global payment system that wasn’t (and couldn’t be) controlled by any central broker. In other words, you wouldn’t need to apply to a private company for a credit card, or to get permission from a regulator to send

UK government employees are targeted with billions of malicious emails every year and may have clicked on tens of thousands of suspicious links, according to Comparitech. The tech comparison firm received answers from 260 government organizations to which it submitted freedom of information (FOI) requests. From these, it then calculated that 764,331 government employees ‘received’

LinkedIn has become by far the most impersonated brand for phishing attacks, according to new research by Check Point Research (CPR). The cybersecurity vendor’s 2022 Q1 Brand Phishing Report revealed that phishing attacks impersonating the professional social networking site made up over half (52%) of all attempts globally in the first quarter of 2022. This represents a 44% increase

German wind turbine manufacturer, Nordex Group, was hit by a cyber-attack on 31 March 2022, with an update issued by the firm this week. The cyber-attack was detected by IT security team at an early stage, according to Nordex, and response measures were taken quickly. Nordex revealed that the necessary response protocols were taken and IT